[Fedora-packaging] Re: Possible UsersAndGroupsDraft
ssorce at redhat.com
Thu Jun 14 17:21:28 UTC 2007
On Thu, 2007-06-14 at 17:25 +0200, Axel Thimm wrote:
> On Thu, Jun 14, 2007 at 08:40:16AM -0500, Tom spot Callaway wrote:
> > On Thu, 2007-06-14 at 10:19 +0200, Axel Thimm wrote:
> > > On Wed, Jun 13, 2007 at 11:45:27PM -0500, Tom spot Callaway wrote:
> > > > I'm not quite sure I'm ready to bring this to the FPC for a vote, but
> > > > I've been working on a modified version of Ville's draft:
> > > >
> > > > http://fedoraproject.org/wiki/TomCallaway/UsersAndGroupsDraft
> > > >
> > > > While this is more complicated, I think it more adequately covers the
> > > > corner cases of adding users and groups. Thoughts?
> > >
> > > It is far too complicated, Ville's version did the job already quite
> > > well. You're also introducing non-standard tools again. :/
> > Not really. The tools I introduced are helper scripts.
> > Ville's draft only created the user/group if it didn't exist, and if
> > not, didn't, but left the files owned as that user/group. That security
> > issue concerns me.
> Yes, but the proposed complicated apparatus does not justify
> this. Better to have %pre fail then and deal with the transaction
> mess. After all how often will a sysadmin have created a non-system
> user "amanda" (and accidentially install amanda w/o remembeing that he
> had such a user)?
Axel, you couldn't choose a worst example :)
Amanda is also a real name (female in Italy), so it is plausible that
you have such user in your system.
It is also entirely possible that the admin does not know that such user
exists as users may come from ldap,nis,winbindd and not created by such
admin but by someone else.
I think at least a check to see if the "amanda" user is < 1000 would
make a lot of sense.
More information about the Fedora-packaging